Bug 24422

Summary:	Multiple phpCAS library vulnerabilities: CVE-2010-2795, CVE-2010-2796, CVE-2010-3690, CVE-2010-3691, CVE-2010-3692
Product:	Sisyphus	Reporter:	Vladimir Lettiev <crux>
Component:	moodle	Assignee:	Andrey Cherepanov <cas>
Status:	CLOSED FIXED	QA Contact:	qa-sisyphus
Severity:	blocker
Priority:	P3	CC:	cas, mike
Version:	unstable	Keywords:	security
Hardware:	all
OS:	Linux
URL:	http://moodle.org/mod/forum/discuss.php?d=160857

Description Vladimir Lettiev 2010-10-26 01:39:53 MSD

The CAS authentication plugin is using the phpCAS library internally. The latest version contains fixes for multiple security problems.

Fixed in moodle >= 1.9.10

Comment 1 Michael Shigorin 2012-01-04 23:16:41 MSK

moodle-1.9.15.20111223-alt1 сойдёт?